I'm completely convinced of the performance loss using NTLM authentication, but if I'm right, it's the only way to do transparent authentication for a client using IE. That's why I'm trying it...
I'm actually testing a new conf without challenge reuse, but I got no "luck" today, no peak time until now. I'll post results as soon as I get some.

As NTLMv2 is supported since samba 3.0.2 (I think), is there a way to do NTLMv2 authentication in squid (I've heard of a registry key to modify in Windows for the client side)? To see if it may change something...

Regards,
Pierre-Emmanuel

-----Original Message-----
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Sent: Monday, 26 April 2004 14:32
To: SXB6300 Mailing
Cc: [EMAIL PROTECTED]
Subject: RE: [squid-users] NTLM helper performance problem

On Mon, 26 Apr 2004, SXB6300 Mailing wrote:

> Just another question: do you recommend using challenge reuse or not? Because I was
> thinking of it as a way to limit the communication with the DC...

I don't recommend challenge reuse, but if you have a small number of users and a very busy DC then it may help some. For larger setups it in my opinion just makes the load too random to predict in a reasonable manner.

But you are welcome to give it a try if you like. But you still need a relatively high number of helpers.

There is a lot to improve on to make challenge reuses really work the way they should. There is also the issue with a temporary memory leak in reused challenges (see known issues).

In future challenge reuse will be phased out even further in favor of full NTLMSSP negotiation allowing proper NTLMv2 and NTLM2 operation where challenge reuse is not an option.

Note: Until HTTP/1.1 is supported by Squid, NTLM performance will be poor at best due to the nature of NTLM.

Regards
Henrik